#!/usr/bin/env sh
### BEGIN INIT INFO
# Provides:          pihole-FTL
# Required-Start:    $remote_fs $syslog $network
# Required-Stop:     $remote_fs $syslog $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: pihole-FTL daemon
# Description:       Enable service provided by pihole-FTL daemon
### END INIT INFO

# Global variables
FTLCONFFILE="/etc/pihole/pihole-FTL.conf"
DEFAULT_PID_FILE="/run/pihole-FTL.pid"
DEFAULT_PORT_FILE="/run/pihole-FTL.port"
FTL_PID=''

# Get the file path of the pihole-FTL.pid file
getFTLPIDFile() {
  if [ -s "${FTLCONFFILE}" ]; then
    # if PIDFILE is not set in pihole-FTL.conf, use the default path
    FTL_PID_FILE="$({ grep '^PIDFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PID_FILE}"; } | cut -d'=' -f2-)"
  else
    # if there is no pihole-FTL.conf, use the default path
    FTL_PID_FILE="${DEFAULT_PID_FILE}"
  fi
}

# Get the PID of the FTL process based on the content of the pihole-FTL.pid file
getFTLPID() {
  if [ -s "${FTL_PID_FILE}" ]; then
    # -s: FILE exists and has a size greater than zero
    FTL_PID="$(cat "${FTL_PID_FILE}")"
    # Exploit prevention: unset the variable if there is malicious content
    # Verify that the value read from the file is numeric
    expr "${FTL_PID}" : "[^[:digit:]]" > /dev/null && unset FTL_PID
  fi

  # If FTL is not running, or the PID file contains malicious stuff, substitute
  # negative PID to signal this
  FTL_PID=${FTL_PID:=-1}
}

# Get the file path of the pihole-FTL.port file
getFTLPortFile() {
  if [ -s "${FTLCONFFILE}" ]; then
    # if PORTFILE is not set in pihole-FTL.conf, use the default path
    FTL_PORT_FILE="$({ grep '^PORTFILE=' "${FTLCONFFILE}" || echo "${DEFAULT_PORT_FILE}"; } | cut -d'=' -f2-)"
  else
    # if there is no pihole-FTL.conf, use the default path
    FTL_PORT_FILE="${DEFAULT_PORT_FILE}"
fi
}


is_running() {
  if [ -d "/proc/${FTL_PID}" ]; then
    return 0
  fi
  return 1
}


# Start the service
start() {
  if is_running; then
    echo "pihole-FTL is already running"
  else
    # Touch files to ensure they exist (create if non-existing, preserve if existing)
    mkdir -pm 0755 /run/pihole /var/log/pihole
    [ ! -f "${FTL_PID_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PID_FILE}"
    [ ! -f "${FTL_PORT_FILE}" ] && install -m 644 -o pihole -g pihole /dev/null "${FTL_PORT_FILE}"
    [ ! -f /var/log/pihole/FTL.log ] && install -m 644 -o pihole -g pihole /dev/null /var/log/pihole/FTL.log
    [ ! -f /var/log/pihole/pihole.log ] && install -m 640 -o pihole -g pihole /dev/null /var/log/pihole/pihole.log
    [ ! -f /etc/pihole/dhcp.leases ] && install -m 644 -o pihole -g pihole /dev/null /etc/pihole/dhcp.leases
    # Ensure that permissions are set so that pihole-FTL can edit all necessary files
    chown pihole:pihole /run/pihole /etc/pihole /var/log/pihole /var/log/pihole/FTL.log /var/log/pihole/pihole.log /etc/pihole/dhcp.leases
    # Ensure that permissions are set so that pihole-FTL can edit the files. We ignore errors as the file may not (yet) exist
    chmod -f 0644 /etc/pihole/macvendor.db /etc/pihole/dhcp.leases /var/log/pihole/FTL.log
    chmod -f 0640 /var/log/pihole/pihole.log
    # Chown database files to the user FTL runs as. We ignore errors as the files may not (yet) exist
    chown -f pihole:pihole /etc/pihole/pihole-FTL.db /etc/pihole/gravity.db /etc/pihole/macvendor.db
    # Chown database file permissions so that the pihole group (web interface) can edit the file. We ignore errors as the files may not (yet) exist
    chmod -f 0664 /etc/pihole/pihole-FTL.db

    # Backward compatibility for user-scripts that still expect log files in /var/log instead of /var/log/pihole/
    # Should be removed with Pi-hole v6.0
    if [ ! -f /var/log/pihole.log ]; then
        ln -s /var/log/pihole/pihole.log /var/log/pihole.log
        chown -h pihole:pihole /var/log/pihole.log

    fi
    if [ ! -f /var/log/pihole-FTL.log ]; then
        ln -s /var/log/pihole/FTL.log /var/log/pihole-FTL.log
        chown -h pihole:pihole /var/log/pihole-FTL.log
    fi

    if setcap CAP_NET_BIND_SERVICE,CAP_NET_RAW,CAP_NET_ADMIN,CAP_SYS_NICE,CAP_IPC_LOCK,CAP_CHOWN+eip "/usr/bin/pihole-FTL"; then
      su -s /bin/sh -c "/usr/bin/pihole-FTL" pihole
    else
      echo "Warning: Starting pihole-FTL as root because setting capabilities is not supported on this system"
      /usr/bin/pihole-FTL
    fi
    echo
  fi
}

# Stop the service
stop() {
  if is_running; then
    kill "${FTL_PID}"
    for i in 1 2 3 4 5; do
      if ! is_running; then
        break
      fi

      printf "."
      sleep 1
    done
    echo

    if is_running; then
      echo "Not stopped; may still be shutting down or shutdown may have failed, killing now"
      kill -9 "${FTL_PID}"
    else
      echo "Stopped"
    fi
  else
    echo "Not running"
  fi
  # Cleanup
  rm -f /run/pihole/FTL.sock /dev/shm/FTL-* "${FTL_PID_FILE}" "${FTL_PORT_FILE}"
  echo
}

# Indicate the service status
status() {
  if is_running; then
    echo "[ ok ] pihole-FTL is running"
    exit 0
  else
    echo "[    ] pihole-FTL is not running"
    exit 1
  fi
}


### main logic ###

# Get file paths
getFTLPIDFile
getFTLPortFile

# Get FTL's current PID
getFTLPID

case "$1" in
  stop)
        stop
        ;;
  status)
        status
        ;;
  start|restart|reload|condrestart)
        stop
        start
        ;;
  *)
        echo "Usage: $0 {start|stop|restart|reload|status}"
        exit 1
esac

exit 0
